(RADIATOR) Redback is sending too many Access-Requests
Mishari Al-Faris
mishari26 at gmail.com
Tue Jan 31 05:53:47 CST 2006
Dear Hugh,
This is an example that you suggested a while back to mitigate excessive
requests coming from DSL NASes.
I've been trying to modify it to our needs but have been getting compilation
errors. Let me just explain what I wish to do instead of going through what
I did wrong.
I'd like to count the access trials per "user" not per "NAS". If a certain
username is seen trying more than say 1 request per 5 seconds, I want to
ignore the request, and not go through my AuthPLSQL AuthBy clause. Is this
possible? thanks.
# RequestHook for AuthBy INTERNAL
# This hook counts the number of access requests that are received for a
# particular NAS, and returns an ACCEPT if there are more than 100 per
second.
# A Session-Timeout reply attribute is added to the reply with a random
# value between 1 and 1200 seconds(20 minutes).
#
# Note: these values should be altered as required.
#
# Hugh Irvine, Open System Consultants, 20050829
sub
{
my $p = $_[0];
my $time = time;
my $code = $p->code;
my $nas = $p->{Client};
if ($time == $nas->{last_throttle_time} && $code eq 'Access- Request')
{
if (++$nas->{throttle_count} > 100)
{
$p->{rp}->add_attr('Session-Timeout', int (rand(1200) + 1));
return ($main::ACCEPT, 'Conditional flood control');
}
}
else
{
$nas->{throttle_count} = 0;
}
$nas->{last_throttle_time} = $time;
return ($main::IGNORE, 'Continue to proxy');
}
Here is an example of how to use the hook.
<Handler .....>
AuthByPolicy ContinueWhileIgnore
<AuthBy INTERNAL>
RequestHook file:"throttle.pl"
AddToReply .....
</AuthBy>
# normal AuthBy
<AuthBy .....>
.....
</AuthBy>
</Handler>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20060131/7bdba9bf/attachment.html>
More information about the radiator
mailing list